← Back to login

BOO Auth — Cookie Policy

Last updated: 21 May 2026

Overview

  1. We are BOO Studio Pty Ltd (ACN 624 302 469), trading as BOO Soft (“BOO Soft”, “BOO Auth”, “we”, “us”, “our”).

  2. This page describes the cookies BOO Auth uses and should be read together with our Privacy Policy.

  3. Cookies are small files stored on your device (computer or mobile device). When you visit our website, we collect information from you automatically through cookies. For more information, visit: https://www.allaboutcookies.org/

  4. BOO Auth uses only essential cookies required to authenticate you and to protect requests against cross-site request forgery. We do not use behavioural advertising, remarketing, or third-party analytics cookies on the BOO Auth Service.

Cookies and Tracking

  1. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you refuse the cookies BOO Auth requires for authentication, you will not be able to sign in or use the Service.

  2. The cookies BOO Auth sets perform the following functions:

    a. Keeping you signed in during a browser session.

    b. Protecting your session from cross-site request forgery (CSRF) attacks.

  3. Types of cookies in use:

    a. Session Cookies: Issued at login. Stored as an opaque session identifier on your device; the corresponding session record lives on our servers. Marked HttpOnly and Secure (in production), with SameSite=Lax.

    b. CSRF Cookies: A short-lived token tied to your session that browser-based requests echo back as proof of origin.

List of Cookies

  1. The cookies BOO Auth sets at the time of this policy’s last update:
Name Provider / Domain Purpose Retention Period
booauth_session The BOO Auth host (e.g. booauth.com) Authentication / session management. HttpOnly, Secure in production, SameSite=Lax. Up to 30 days, or until logout.
CSRF cookie The BOO Auth host Cross-site request forgery defence for state-changing requests from the browser. Session-bound; rotated as needed.
  1. Customer Applications that authenticate users via BOO Auth may set their own cookies on their own domains. Those cookies are governed by the privacy and cookie policies of those Customer Applications, not by this policy.

Why we do not use marketing cookies

  1. BOO Auth is an authentication service, not a marketing surface. We do not embed advertising trackers, social pixels, fingerprinting scripts, or third-party analytics on the BOO Auth Service. If we ever introduce optional analytics, you will be notified in advance and opt-in consent will be required where required by your jurisdiction.

Changes to This Document and Our Other Documents

  1. We may update this document from time to time. Any changes will be notified via posting the updated information on this page.

  2. We will let you know via email and/or a prominent notice on the Service, prior to any material change becoming effective, and update the “Last updated” date at the top of this document.

  3. You are advised to review this document periodically for any changes. Changes to this document are effective when they are posted on this page.

Related documents:

Document Location
Privacy Policy /privacy
Terms of Service /terms